Fortinet black logo

FortiGate-7000F Handbook

Device failure

Copy Link
Copy Doc ID fd130345-bc33-11ec-9fd1-fa163e15d75b:584714
Download PDF

Device failure

If the primary FortiGate-7000F encounters a problem that is severe enough to cause it to fail, the secondary FortiGate-7000F becomes new primary FortiGate-7000F. This occurs because the secondary FortiGate-7000F is constantly waiting to negotiate to become primary FortiGate-7000F. Only the heartbeat packets sent by the primary FortiGate-7000F keep the secondary FortiGate-7000F from becoming the primary FortiGate-7000F. Each received heartbeat packet resets a negotiation timer in the secondary FortiGate-7000F. If this timer is allowed to run out because the secondary FortiGate-7000F does not receive heartbeat packets from the primary FortiGate-7000F, the secondary FortiGate-7000F assumes that the primary FortiGate-7000F has failed and becomes the primary FortiGate-7000F.

The new primary FortiGate-7000F will have the same MAC and IP addresses as the former primary FortiGate-7000F. The new primary FortiGate-7000F then sends gratuitous ARP packets out all of its connected interfaces to inform attached switches to send traffic to the new primary FortiGate-7000F. Sessions then resume with the new primary FortiGate-7000F.

Device failure

If the primary FortiGate-7000F encounters a problem that is severe enough to cause it to fail, the secondary FortiGate-7000F becomes new primary FortiGate-7000F. This occurs because the secondary FortiGate-7000F is constantly waiting to negotiate to become primary FortiGate-7000F. Only the heartbeat packets sent by the primary FortiGate-7000F keep the secondary FortiGate-7000F from becoming the primary FortiGate-7000F. Each received heartbeat packet resets a negotiation timer in the secondary FortiGate-7000F. If this timer is allowed to run out because the secondary FortiGate-7000F does not receive heartbeat packets from the primary FortiGate-7000F, the secondary FortiGate-7000F assumes that the primary FortiGate-7000F has failed and becomes the primary FortiGate-7000F.

The new primary FortiGate-7000F will have the same MAC and IP addresses as the former primary FortiGate-7000F. The new primary FortiGate-7000F then sends gratuitous ARP packets out all of its connected interfaces to inform attached switches to send traffic to the new primary FortiGate-7000F. Sessions then resume with the new primary FortiGate-7000F.